2001 Announcement Log
10/07/2001 - network outage
5:00pm Msen's core routers are receiving bad BGP information which is
causing a network failure. We are currently working on this.
6:42pm service restored through emergency measures.
09/18/2001 - New virus attacking Microsoft IIS servers
A new internet worm/virus has began propagating via the Internet this
morning, September 18th, 2001 at 9:00am EST. This worm named,
W32.nimda.a.mm is spreading rapidly and is infecting Microsoft IIS 4.0
and 5.0 servers. Currently the virus appears to be spreading through
several different ways:
-direct IIS to IIS across the Internet
-email with a README.EXE attachment
-possibly local shares (this is not known for sure)
Only preliminary information is known at this time.
The patch for this vulnerability can be found at:
http://www.microsoft.com/technet/security/bulletin/ms00-057.asp.
Anyone that has applied this patch should not have to take any
further action.
Any business customer who receives log reports of web activity for
their business account will see several "attack signatures" of the
Microsoft files that are being attacked. Since Msen does not use
Microsoft IIS, these attacks are fruitless.
08/03/2001 - Conch.msen.com down for Software updates
We are installing software upgrades from 5:00 to 7:00 PM.
07/31/2001 - Code Red worm expected to go active again
If you are running Microsoft Windows and have the IIS web server
software active, you must read the following. The worm will use
100% of your available bandwidth in its attempts to find other
machines to infect.
Any machine found by Msen to exhibit the worm's behavior will have its account disabled or the machine will be firewalled from the Internet until corrected. This is a madatory precaution on our part to protect the Internet. It has been estimated that a single infected machine is capable of attacking every address on the Internet in less than 12 hours.
Please test and patch your Windows Servers running IIS!
Below are several articles regarding the Red Code Worm as well as a link to Microsoft's site which includes current patches that will keep your IIS server from becoming infected.
Calm Before The Storm - Predicting the Return of Red Code Worm
http://www.pbs.org/cringely/pulpit/pulpit20010730.html
To get the worm off the system, just reboot.
The worm can cause servers to require a reboot because it will adventually use up too many resources and bog down the server (thus the pingable non-working box syndrome).
Though the reboot will kill the worm, until the box is patched and secured, it can be re-infected. The worm does netblock scans that are less-than-random, so boxes on it's network that are still infected are likely to re-infect the machine when it reboots (until it's patched).
Patches are available on microsofts site:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp
eEye's advisory plus tech info on it:
http://www.eeye.com/html/Research/Advisories/AD20010618.html
CERT Advisories
http://www.msen.com/cert-ca-2001-23.html
http://www.msen.com/cert-ca-2001-19.html
07/23/2001 - Phone bank #1 down
2:30pm The phone company for our first phone bank has lost air conditioning. The
systems are overheating and failing. Connections will be intermittant at best
until the temperature problem is solved. The phone numbers in
light blue are affected.
3:30pm The temperature is dropping and service has been restored.
05/11/2001 - Phone bank #2 down
4:30am During the storm, the T1 for our second phone bank went down. Repairs are
under way. The phone numbers in dark blue are affected.
02/23/2001 - Msen adds Sprint bandwidth
Today, Msen turned up a 6MB link to Sprint.
02/22/2001 - ssh vulnerablability removed
An exploit in ssh was found which may permit root access by remote users.
Msen has patched ssh on all servers to prevent the exploit.
02/13/2001 - AnnaKournikova mail filter installed
1:00 am - Filters were installed to delete the AnnaKournikova.jpg.vbs virus
before it infected customers mailboxes.
02/08/2001 - Bind (named) upgrade
In light of recent security issues with the previous version of
BIND (named, the program that provides DNS services), all Msen
machines providing DNS services have been upgraded to to BIND
version 9.1.0.
08/08/2000 - Spam tagging
Msen has started adding a header line to email when we
suspect that a piece of email may be spam. This is an
automated system using the Realtime Blackhole List
(RBL),
ORBS,
and the Dialup Users List (DUL). This
detection is done by the ip addresses found in the headers or envelope
of the email message.
X-Spam-Suspected-by-Msen-because-of-Envelope: [207.69.200.226]_orbs
X-Spam-Suspected-by-Msen-because-of-Header: [210.155.14.194]_rbl
are examples of the header line that is added to the email. These detection
services do provide "false positives", especially ORBS. Therefore, instead of throwing out the
email, Msen has chosen to only tag it as possible spam, and leave it up to the user to throw out
the email based on the recommendation. One known false positive is Amazon.com's
purchase receipts. That example alone serves as case and point on why we do not
automatically throw out suspected spam. Currently about 6% of mail is being tagged.
01/17/2000 - Newsfeed upgrade.
Msen has upgraded our newsfeed again. Binary groups should be more
complete and news should be delivered faster. If there is a specific
group that interests you and you do not see it on our server, please
send mail to service to let
us know.
11/17/99 - New Web Cache machine is active.
Msen has added a web cache server for customer use. This server is designed to speed up web page loading by keeping a
copy of all web pages that are viewed by Msen users. This eliminates the download time across the Internet for everyone
except the first viewer. We are running the cache in three modes.
Straight web caching mode: The server is a simple cache.
JunkBuster: Along with web caching, Junkbuster removed many annoying banner ads from web pages like www.buy.com. Since
you are not downloading the advertising images, you are able to get the web pages faster.
Anonymous browsing: This has caching and JunkBuster turned on. It also strips the User-Agent, Cookies, HTTP-Referer
information from the data stream. Since the cache server is the IP address that requests are made from, the effectively
hides the user from identification based on automated information.
This method is guaranteed to break some
web sites.
To use the cache server: Visit
http://proxy.msen.com/settings.html.
In there, you will choose which method to use, and set a cookie
on your machine. Then, you set your browser preferences for
Proxy Auto Configure to read from proxy.msen.com. This will configure
your machine based on the cookie choice.
This service is only for customers that are using Msen dialup
modems, dialup ISDN, or T1 customers. It is not for use outside
of the Msen network, as that defeats the purpose of a cache.
10/28/99 - New news machine is active.
Msen has finished building the successor to ink.msen.com. The new machine
is pravda.msen.com. The burn-in tests are complete, and were necessary.
We killed and replaced one 18gig harddrive in the first week.
08/30/99 - Upgrade to conch
Msen had been planning to upgrade conch soon. Today, we started getting
(corrected) SCSI errors on one of the drives. So, rather than try to
upgrade the old hardware, we switched to the new hardware. This is a
bigger, faster machine that is now running current code.
4/21/99 - News server rebooted
After nearly a year of uptime (345 days), Msens news server required
a reboot.
4/12/99 - Msen customer sues the phone company -- and wins!
Today,
in a precedent-setting case, the Michigan Public Service Commission
ordered CenturyTel to stop discriminating against customers making calls
to Internet Service Providers. The case was brought by an Msen customer who
was charged more than $2,500.00 for what should have been local calls.
For web page comments -
webmaster@mail.msen.com
For service issues - service@mail.msen.com
Voice: (248) 740-3400
Copyright 1997-2000 Msen, Inc.
Last updated
Fax: (248) 740-0690